SAP products fall short of the company’s own cyber security standards

SAP announced that several of its own cloud-computing products don’t currently meet its stringent cyber security standards.

According to the company’s announcement, approximately 9% of SAP's 440,000 customers are affected by these shortcomings.

While there have been no known breaches or security incidents related to these shortcomings, currently affected products include SuccessFactors, Concur Technologies and Callidus Software. SAP has opted to update its security-related terms and conditions to meet its high standards. The company also stated that updates to its terms will remain in line with others in the market.

Further, SAP will proceed with remediation of the shortcomings against contractually agreed and statutory standards. The company expects to complete the remediation process in the second quarter of 2020 and cover the costs of the mediation within its 2020 financial outlook.

While SAP has yet to provide more details on the shortcomings, analysts claim this news could have an impact on its client base during the transition from on-site servers to off-site data centers.

“Events like this don’t help SAP’s reputation, and both existing and new customers of SAP will likely spend more time digging into SAP’s product security now,” Jefferies analyst Julian Serafini shared in a recent Reuter’s report.

SAP has spent lavishly on cloud-computing companies for the last decade. The company paid upward of $3 billion for SuccessFactors in 2012, more than $7 billion for Concur in 2014, and over $2 billion for Callidus in 2018.

When absorbing each company, SAP inherited its infrastructure and has since faced difficulty transitioning a number of its subsidiaries away from rival technologies.